Monday, 28 November 2016

Very Secure FTP Server (VSFTPD)

FTP is a file transfer protocol which is used to:
 Upload files and folders
 Download files and folders

 The vsftp service daemon is vsftpd.

3 A's Based Security
Authentication
IP-based authentication using TCP Wrappers or iptables

Authorization
Anonymous upload
FTP access by local users
Uploading and downloading by local users

Auditing
Log messages: xferlog messages and all other logs
/var/log/xferlog


The configuration file is /etc/vsftpd/vsftpd.conf

To check the port number of a service, look in /etc/services

Modes of FTP

 Command mode (control mode)
 Data transfer mode

Ports 21 and 20
21 is used for connection establishment (the client sends its request to this port)
20 is used for uploading and downloading

Find the command location of vsftpd
/usr/sbin/vsftpd

Note: By default, anonymous users can download files but not upload.

# ldd /usr/sbin/vsftpd     (to check which libraries the service is linked against)

# vim /etc/hosts.allow     (list of allowed hosts)
Syntax of the entries inside the file:

vsftpd: ALL          (to allow all users)
vsftpd: 172.16.0.1   (to allow a particular user IP)

# vim /etc/hosts.deny
To deny a user or network, create an entry here.

Security mechanisms:
 PAM
 iptables
 Cryptography
 SELinux
 TCP Wrappers

TCP Wrappers:
They apply only to services linked against the libwrap.so library.
They work at the application layer.
The supporting files are /etc/hosts.allow
/etc/hosts.deny

Installation of VSFTPD:

# yum install vsftpd
# service vsftpd start

# getsebool -a | grep ftp
Check the SELinux booleans that turn on user home directories and uploading for the anonymous user.
If you want to enable home directories for users:
# setsebool -P ftp_home_dir on     (-P makes the change permanent)

# vim /etc/vsftpd/vsftpd.conf
Configure the server here.

On clients

# ftp <IP of FTP server>

Connects to the server; then enter the user name and its password.

ftp> get <file name>   Download the file.

ftp> put <file name>   Upload the file.

ftp> mget file1 file2  Download multiple files.

ftp> bye               Exit from ftp.

Check whether the vsftpd service port is listening:

# netstat -tulpn
(-t TCP, -u UDP, -l listening sockets, -p program name/PID, -n numeric port numbers)

# vim /etc/vsftpd/chroot_list
Add here the users who are restricted from changing directory in FTP mode.

# vim /etc/vsftpd/ftpusers
Add here the users who are denied login to FTP.

# vim /etc/vsftpd/user_list
If /etc/vsftpd/vsftpd.conf contains
userlist_deny=NO
userlist_enable=YES
then add here the users who are to have login access to FTP.
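
How the ftpusers and user_list files described above combine, as an added example that is not part of the original post: a shell function that reads userlist_enable and userlist_deny from a copy of vsftpd.conf and checks one user against both lists. The function names and sample files are constructed for illustration, and it assumes the PAM configuration applies ftpusers as a deny list.

```shell
#!/bin/sh
# Added example (constructed data). Answers: may USER log in, given the lists?

# Print KEY's value from a vsftpd.conf-style file, upper-cased, or DEFAULT.
conf_get() {  # conf_get FILE KEY DEFAULT
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}" | tr '[:lower:]' '[:upper:]'
}

# Succeed if USER is a whole line in FILE; comment lines are ignored.
in_list() {  # in_list FILE USER
    grep -v '^#' "$1" | grep -qxF -- "$2"
}

ftp_login_allowed() {  # ftp_login_allowed USER CONF USER_LIST FTPUSERS
    user=$1 conf=$2 ulist=$3 ftpusers=$4
    # Assumption: PAM applies ftpusers as a deny list (pam_listfile sense=deny).
    if in_list "$ftpusers" "$user"; then
        echo "deny: listed in ftpusers"; return 1
    fi
    if [ "$(conf_get "$conf" userlist_enable NO)" = YES ]; then
        if [ "$(conf_get "$conf" userlist_deny YES)" = YES ]; then
            # Deny mode: user_list is a second block list.
            if in_list "$ulist" "$user"; then
                echo "deny: listed in user_list"; return 1
            fi
        elif ! in_list "$ulist" "$user"; then
            # Allow mode (userlist_deny=NO): only listed users get in.
            echo "deny: not listed in user_list"; return 1
        fi
    fi
    echo "allow"
}

# Constructed sample files, not taken from a real server.
demo=$(mktemp -d)
printf 'userlist_enable=YES\nuserlist_deny=NO\n' > "$demo/vsftpd.conf"
printf '# users allowed to log in\nalice\nroot\n' > "$demo/user_list"
printf 'root\nbin\n' > "$demo/ftpusers"

for u in alice bob root; do
    printf '%-6s' "$u"
    ftp_login_allowed "$u" "$demo/vsftpd.conf" "$demo/user_list" "$demo/ftpusers" || true
done
```

With the sample data, root is refused even though it appears in user_list, because ftpusers is checked independently of the userlist settings.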

# vim /etc/init.d/vsftpd
The init script that executes vsftpd.



